Date:   Fri, 17 Nov 2017 09:57:42 -0700
From:   Jason Gunthorpe <jgg@...pe.ca>
To:     Javier Martinez Canillas <javierm@...hat.com>
Cc:     linux-kernel@...r.kernel.org,
        Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
        Peter Huewe <peterhuewe@....de>,
        Philip Tricca <philip.b.tricca@...el.com>,
        linux-integrity@...r.kernel.org,
        William Roberts <william.c.roberts@...el.com>
Subject: Re: [RFC PATCH] tpm: don't return -EINVAL if TPM command validation
 fails

On Fri, Nov 17, 2017 at 11:07:24AM +0100, Javier Martinez Canillas wrote:
 
> This patch is an RFC because I'm not sure if this is the correct way to fix this
> issue. I'm not that familiar with the TPM driver so may have missed some details.
> 
> An example of user-space getting confused by the TPM chardev returning -EINVAL
> when sending a not supported TPM command can be seen in this tpm2-tools issue:
> 
> https://github.com/intel/tpm2-tools/issues/621

I think this is a user space bug, unfortunately.

We talked about this when the spaces code was first written and it
seemed the best was to just return EINVAL to indicate that the kernel
could not accept the request.

This result is semantically different from the TPM could not execute
or complete the request.

Regarding your specific issue, can you make the command you want to
use validate? Would that make sense?

> +	/*
> +	 * If command validation fails, sent it to the TPM anyways so it can
> +	 * report a proper error to user-space. Just don't do any TPM space
> +	 * management in this case.
> +	 */
> +	cmd_validated = tpm_validate_command(chip, space, buf, bufsiz);
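
Review bot: Storing the result of tpm_validate_command() in cmd_validated, rather than stopping on failure, makes the validation advisory: as the comment above the call says, a command the kernel could not validate is still sent to the TPM. Keep the failure as a hard stop, and if user space needs a TPM-style error, have the kernel construct that response itself instead of forwarding the buffer. The comment also reads "sent it" where "send it" is meant.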

And sending a command that failed to validate to the TPM cannot be
done, as it violates our security model.

Jason
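
The distinction drawn in this reply (kernel refused the request versus TPM returned an error) can be handled in user space as sketched below. This is an added example, not code from the thread, the kernel or tpm2-tools; the names `classify` and `tpm_outcome` are hypothetical, and it assumes the rejection surfaces as `write()` on the TPM chardev failing with `EINVAL`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

enum tpm_outcome {
    KERNEL_REJECTED, /* write() failed with EINVAL: the TPM never saw the command */
    IO_ERROR,        /* other write() failure, or a malformed response */
    TPM_ERROR,       /* the TPM answered with a non-zero response code */
    TPM_OK
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* wr/err: return value and errno of write() on the TPM chardev.
 * resp/len: bytes from the following read(), if there was one.
 * rc (optional): receives the TPM response code when a response was parsed. */
enum tpm_outcome classify(ssize_t wr, int err, const uint8_t *resp,
                          size_t len, uint32_t *rc)
{
    uint32_t code;

    if (wr < 0)
        return err == EINVAL ? KERNEL_REJECTED : IO_ERROR;
    /* TPM 2.0 response header: tag(2) | size(4) | responseCode(4), big-endian */
    if (resp == NULL || len < 10 || be32(resp + 2) != len)
        return IO_ERROR;
    code = be32(resp + 6);
    if (rc)
        *rc = code;
    return code ? TPM_ERROR : TPM_OK;
}

/* Constructed samples: header-only responses, rc 0x143 (TPM_RC_COMMAND_CODE) and 0 */
static const uint8_t sample_err[10] = {0x80, 0x01, 0, 0, 0, 10, 0, 0, 0x01, 0x43};
static const uint8_t sample_ok[10]  = {0x80, 0x01, 0, 0, 0, 10, 0, 0, 0, 0};

int main(void)
{
    uint32_t rc = 0;
    printf("%d\n", classify(-1, EINVAL, NULL, 0, NULL));       /* KERNEL_REJECTED */
    printf("%d rc=0x%x\n", classify(10, 0, sample_err, 10, &rc), (unsigned)rc);
    printf("%d\n", classify(10, 0, sample_ok, 10, NULL));      /* TPM_OK */
    return 0;
}
```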
